000034481 - How to configure Security Analytics server to send FQDN in EHLO response.

Document created by RSA Customer Support Employee on Dec 1, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000034481
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: SA Security Analytics Server
RSA Version/Condition: 10.6.x
Platform: CentOS
O/S Version: 6
 
IssueSA server fails to send any notification email even after configuring Global Notification with the correct SMTP setting.
Mail server is configured to accept only FQDN but monitoring the packets with tcpdump shows that SA server sends hostname instead of FQDN in EHLO response as shown below.
e.g. TestServer is shown instead of TestServer.test.local
05:34:23.842234 IP x.x.x.x.42635 > 10.106.48.137.25: Flags [P.], seq 1:18, ack 115, win 115, length 17
        0x0000:  4500 0039 4f50 4000 4006 86b2 0a3e 1f8c  E..9OP@.@....>..
        0x0010:  0a6a 3089 a68b 0019 ae27 17d8 25d5 592a  .j0......'..%.Y*
        0x0020:  5018 0073 64e8 0000 4548 4c4f 2011 512a  P..sd...EHLO.Test
        0x0030:  4733 5121 2312 420d 0a                   Server..

 
ResolutionBy default, postfix uses the hostname of the SA server in EHLO response.
In order to resolve the issue, follow the User Guide to change the hostname of the SA server to FQDN.
After following the User Guide to change the hostname, please modify /etc/puppet/csr_attributes.yaml on the SA server to update the hostname with FQDN and reboot the SA server host.

Attachments

    Outcomes